
Example 1 with AuthorizationDetails

Use of org.keycloak.rar.AuthorizationDetails in the keycloak/keycloak project.

Class ClientScopeAuthorizationRequestParser, method buildAuthorizationDetailsJSONRepresentation.

/**
 * Builds the {@link AuthorizationDetails} entry that represents one client scope inside a
 * Rich Authorization Request (RAR) object.
 * <p>
 * The JSON representation always carries the requested scope string under the {@code access} key and
 * is typed as a static scope; when the intermediary scope is dynamic <em>and</em> carries a parameter,
 * the type is switched to the dynamic variant and the parameter is exposed under {@code scope_parameter}.
 * NOTE(review): the scope string and its parameter presumably originate from the client's {@code scope}
 * request parameter, so downstream consumers of {@code scope_parameter} should treat it as untrusted input.
 *
 * @param intermediaryScopeRepresentation the intermediary scope to convert into a RAR entry
 * @return an {@link AuthorizationDetails} sourced from {@link AuthorizationRequestSource#SCOPE} that wraps
 *         the scope model and its JSON representation
 */
private AuthorizationDetails buildAuthorizationDetailsJSONRepresentation(IntermediaryScopeRepresentation intermediaryScopeRepresentation) {
    final String requestedScope = intermediaryScopeRepresentation.getRequestedScopeString();
    // A scope only counts as dynamic here if it actually carries a parameter value.
    final boolean hasDynamicParameter = intermediaryScopeRepresentation.isDynamic()
            && intermediaryScopeRepresentation.getParameter() != null;

    final AuthorizationDetailsJSONRepresentation json = new AuthorizationDetailsJSONRepresentation();
    json.setCustomData("access", Collections.singletonList(requestedScope));
    json.setType(hasDynamicParameter ? DYNAMIC_SCOPE_RAR_TYPE : STATIC_SCOPE_RAR_TYPE);
    if (hasDynamicParameter) {
        json.setCustomData("scope_parameter", intermediaryScopeRepresentation.getParameter());
    }

    return new AuthorizationDetails(intermediaryScopeRepresentation.getScope(), AuthorizationRequestSource.SCOPE, json);
}

Example 2 with AuthorizationDetails

Use of org.keycloak.rar.AuthorizationDetails in the keycloak/keycloak project.

Class AuthenticationManager, method actionRequired.

/**
 * Runs the post-authentication "required action" phase for an authentication session and returns the
 * response that has to be rendered next, or {@code null} once nothing further is pending.
 * <p>
 * The evaluation order is security-relevant and must be preserved: required-action triggers are
 * evaluated first, then the user's own required actions, then the actions attached to the
 * authentication session, and only after all of those the OAuth consent screen. A required action
 * (e.g. a password update or OTP setup) therefore always wins over consent.
 *
 * @param session     the current Keycloak session
 * @param authSession the authentication session being completed
 * @param request     the current HTTP request
 * @param event       event builder that receives the consent detail and code id
 * @return a {@link Response} for the next required action or for the consent screen, or {@code null}
 *         if no further user interaction is required
 */
public static Response actionRequired(final KeycloakSession session, final AuthenticationSessionModel authSession, final HttpRequest request, final EventBuilder event) {
    final RealmModel realm = authSession.getRealm();
    final UserModel user = authSession.getAuthenticatedUser();
    final ClientModel client = authSession.getClient();

    // Triggers may add required actions to the user, so they run before any lookup below.
    evaluateRequiredActionTriggers(session, authSession, request, event, realm, user);
    logger.debugv("processAccessCode: go to oauth page?: {0}", client.isConsentRequired());
    event.detail(Details.CODE_ID, authSession.getParentSession().getId());

    // 1. Actions required on the user itself take precedence.
    final Response userAction = executionActions(session, authSession, request, event, realm, user, user.getRequiredActionsStream());
    if (userAction != null) {
        return userAction;
    }
    // 2. Actions attached to this authentication session; executionActions() is expected to drop
    //    duplicates that may also be present in the client session.
    final Response sessionAction = executionActions(session, authSession, request, event, realm, user, authSession.getRequiredActions().stream());
    if (sessionAction != null) {
        return sessionAction;
    }

    // 3. Consent. The verification flow of the OAuth 2.0 Device Authorization Grant always requires
    //    consent, independent of the client's consentRequired flag.
    final boolean consentApplies = client.isConsentRequired() || isOAuth2DeviceVerificationFlow(authSession);
    if (!consentApplies) {
        event.detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED);
        return null;
    }

    final UserConsentModel grantedConsent = getEffectiveGrantedConsent(session, authSession);
    final List<AuthorizationDetails> scopesToApprove = getClientScopesToApproveOnConsentScreen(grantedConsent, session);
    if (scopesToApprove.isEmpty()) {
        // Nothing left to approve: either this user already persisted consent for everything requested,
        // or there was nothing that needed approval in the first place.
        final String consentDetail = (grantedConsent != null)
                ? Details.CONSENT_VALUE_PERSISTED_CONSENT
                : Details.CONSENT_VALUE_NO_CONSENT_REQUIRED;
        event.detail(Details.CONSENT, consentDetail);
        return null;
    }

    // Render the grant screen. The client-session code is bound to the REQUIRED_ACTIONS action while the
    // recorded execution is OAUTH_GRANT; both values are reproduced exactly as the flow expects them.
    final String execution = AuthenticatedClientSessionModel.Action.OAUTH_GRANT.name();
    final ClientSessionCode<AuthenticationSessionModel> accessCode = new ClientSessionCode<>(session, realm, authSession);
    accessCode.setAction(AuthenticatedClientSessionModel.Action.REQUIRED_ACTIONS.name());
    authSession.setAuthNote(AuthenticationProcessor.CURRENT_AUTHENTICATION_EXECUTION, execution);

    final LoginFormsProvider forms = session.getProvider(LoginFormsProvider.class);
    return forms.setAuthenticationSession(authSession)
            .setExecution(execution)
            .setClientSessionCode(accessCode.getOrGenerateCode())
            .setAccessRequest(scopesToApprove)
            .createOAuthGrant();
}

Example 3 with AuthorizationDetails

Use of org.keycloak.rar.AuthorizationDetails in the keycloak/keycloak project.

Class AuthenticationManager, method nextRequiredAction.

/**
 * Determines which required action (if any) the authentication session still has to go through,
 * without rendering anything.
 * <p>
 * Lookup order, which must be preserved: required-action triggers are evaluated first, then the user's
 * own required actions, then those attached to the authentication session, then an explicitly requested
 * {@code kc_action}, and finally the OAuth consent screen.
 *
 * @param session     the current Keycloak session
 * @param authSession the authentication session being completed
 * @param request     the current HTTP request
 * @param event       event builder that receives the consent detail
 * @return the name of the pending required action, {@code OAUTH_GRANT} when the consent screen is due,
 *         or {@code null} when no further action is required
 */
public static String nextRequiredAction(final KeycloakSession session, final AuthenticationSessionModel authSession, final HttpRequest request, final EventBuilder event) {
    final RealmModel realm = authSession.getRealm();
    final UserModel user = authSession.getAuthenticatedUser();
    final ClientModel client = authSession.getClient();

    // Triggers may add required actions to the user, so they run before any lookup below.
    evaluateRequiredActionTriggers(session, authSession, request, event, realm, user);

    // 1. First required action on the user itself.
    final Optional<String> userAction = user.getRequiredActionsStream().findFirst();
    if (userAction.isPresent()) {
        return userAction.get();
    }
    // 2. First required action attached to this authentication session.
    final Optional<String> sessionAction = authSession.getRequiredActions().stream().findFirst();
    if (sessionAction.isPresent()) {
        return sessionAction.get();
    }
    // 3. An application-initiated action (kc_action) stored as a client note.
    final String kcAction = authSession.getClientNote(Constants.KC_ACTION);
    if (kcAction != null) {
        return kcAction;
    }

    // 4. Consent. The verification flow of the OAuth 2.0 Device Authorization Grant always requires
    //    consent, independent of the client's consentRequired flag.
    final boolean consentApplies = client.isConsentRequired() || isOAuth2DeviceVerificationFlow(authSession);
    if (!consentApplies) {
        event.detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED);
        return null;
    }

    final UserConsentModel grantedConsent = getEffectiveGrantedConsent(session, authSession);
    final List<AuthorizationDetails> scopesToApprove = getClientScopesToApproveOnConsentScreen(grantedConsent, session);
    if (!scopesToApprove.isEmpty()) {
        return CommonClientSessionModel.Action.OAUTH_GRANT.name();
    }
    // Nothing left to approve: record whether that is due to a previously persisted consent.
    final String consentDetail = (grantedConsent != null)
            ? Details.CONSENT_VALUE_PERSISTED_CONSENT
            : Details.CONSENT_VALUE_NO_CONSENT_REQUIRED;
    event.detail(Details.CONSENT, consentDetail);
    return null;
}

Example 4 with AuthorizationDetails

Use of org.keycloak.rar.AuthorizationDetails in the keycloak/keycloak project.

Class AuthorizationContextUtil, method getAuthorizationRequestContextFromScopesWithClient.

/**
 * Builds an {@link AuthorizationRequestContext} from a scope string and additionally appends an entry
 * for the client of the current session context.
 * <p>
 * The client entry is taken from {@code session.getContext().getClient()}, not from the caller-supplied
 * {@code scope} string, so it reflects the client resolved for this request. NOTE(review): this relies on
 * {@link AuthorizationRequestContext#getAuthorizationDetailEntries()} returning a mutable list that is
 * modified in place — confirm if that representation ever becomes unmodifiable.
 *
 * @param session the current Keycloak session whose context provides the client
 * @param scope   the raw scope string to parse into authorization-detail entries
 * @return the context produced by {@link #getAuthorizationRequestContextFromScopes} with one extra
 *         {@link AuthorizationDetails} entry for the context's client
 */
public static AuthorizationRequestContext getAuthorizationRequestContextFromScopesWithClient(KeycloakSession session, String scope) {
    final AuthorizationRequestContext context = getAuthorizationRequestContextFromScopes(session, scope);
    final AuthorizationDetails clientEntry = new AuthorizationDetails(session.getContext().getClient());
    context.getAuthorizationDetailEntries().add(clientEntry);
    return context;
}
